Advisories » MGASA-2022-0192

Updated opencontainers-runc packages fix security vulnerability

Publication date: 21 May 2022
Modification date: 21 May 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-29162

Description

A bug was found in runc where runc exec --cap executed processes with
non-empty inheritable Linux process capabilities, creating an atypical
Linux environment and enabling programs with inheritable file capabilities
to elevate those capabilities to the permitted set during execve(2). This
bug did not affect the container security sandbox as the inheritable set
never contained more capabilities than were included in the container's
bounding set. (CVE-2022-29162)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=30421
• https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
• https://www.openwall.com/lists/oss-security/2022/05/12/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29162

SRPMS

8/core

• opencontainers-runc-1.1.2-2.mga8